AWS Security ChangesHomeSearch

AWS AmazonRDS documentation change

Service: AmazonRDS · 2026-07-10 · Documentation low

File: AmazonRDS/latest/UserGuide/Oracle.Options.OEMAgent.md

Summary

Added Oracle 26ai agent requirements (version 24.1.0.0.v1 and specific TLS ciphers) and updated cipher suite table with Oracle version compatibility

Security assessment

Documents security requirements for new Oracle version including approved TLS ciphers. Table update adds security-relevant compatibility information but doesn't address a specific vulnerability.

Diff

diff --git a/AmazonRDS/latest/UserGuide/Oracle.Options.OEMAgent.md b/AmazonRDS/latest/UserGuide/Oracle.Options.OEMAgent.md
index 3c31aab17..f6491d4e5 100644
--- a//AmazonRDS/latest/UserGuide/Oracle.Options.OEMAgent.md
+++ b//AmazonRDS/latest/UserGuide/Oracle.Options.OEMAgent.md
@@ -130,0 +131,19 @@ Amazon RDS supports the following settings for the Management Agent option.
+###### Note
+
+For Oracle Database 26ai, the Management Agent option has the following requirements:
+
+  * The only supported Management Agent version is `24.1.0.0.v1`.
+
+  * Only the following TLS cipher suites are supported:
+
+    * TLS_RSA_WITH_AES_256_CBC_SHA256
+
+    * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+
+    * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+
+    * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+
+
+
+
@@ -137,0 +157,4 @@ In the AWS GovCloud (US) Regions, 13.1 versions aren't available.
+
+###### Note
+
+For Oracle Database 26ai, the only supported agent version is `24.1.0.0.v1`.  
@@ -149,12 +172,12 @@ The following table lists the TLS cipher suites that the Management Agent option
-Cipher suite | Agent version supported | FedRAMP compliant  
----|---|---  
-TLS_RSA_WITH_AES_128_CBC_SHA | All | No  
-TLS_RSA_WITH_AES_128_CBC_SHA256 | 13.1.0.0.v1 and higher | No  
-TLS_RSA_WITH_AES_256_CBC_SHA | 13.2.0.0.v3 and higher | No  
-TLS_RSA_WITH_AES_256_CBC_SHA256 | 13.2.0.0.v3 and higher | No  
-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | 13.2.0.0.v3 and higher | Yes  
-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | 13.2.0.0.v3 and higher | Yes  
-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | 13.2.0.0.v3 and higher | Yes  
-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | 13.2.0.0.v3 and higher | Yes  
-TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | 13.4.0.9.v1 and higher | Yes  
-TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | 13.4.0.9.v1 and higher | Yes  
+Cipher suite | Agent version supported | FedRAMP compliant | Supported Oracle versions  
+---|---|---|---  
+TLS_RSA_WITH_AES_128_CBC_SHA | All | No | 19c, 21c  
+TLS_RSA_WITH_AES_128_CBC_SHA256 | 13.1.0.0.v1 and higher | No | 19c, 21c  
+TLS_RSA_WITH_AES_256_CBC_SHA | 13.2.0.0.v3 and higher | No | 19c, 21c  
+TLS_RSA_WITH_AES_256_CBC_SHA256 | 13.2.0.0.v3 and higher | No | 19c, 21c, 26ai  
+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | 13.2.0.0.v3 and higher | Yes | 19c, 21c  
+TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | 13.2.0.0.v3 and higher | Yes | 19c, 21c  
+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | 13.2.0.0.v3 and higher | Yes | 19c, 21c  
+TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | 13.2.0.0.v3 and higher | Yes | 19c, 21c, 26ai  
+TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | 13.4.0.9.v1 and higher | Yes | 19c, 21c, 26ai  
+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | 13.4.0.9.v1 and higher | Yes | 19c, 21c, 26ai